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AMENDMENTS TO THE CLAIMS 



1 . (currently amended) An illegal access data handling apparatus, b e ing comprising: 

a control system; and 

a decoy server, functionally coupled to the control system, wherein the apparatus is 
placed outside a given internal communication network, for receiving illegal access data 
transmitted from a data communication device placed outside the internal communication 
network for a purpose of illegally accessing the internal communication network, and for taking 
countermeasures against the illegal access data received , further wherein the countermeasures 
include providing a response pretending to originate from the internal communication network . 

2. (previously presented) The illegal access data handling apparatus of claim 1, wherein the 
illegal access data handling apparatus is connected to an illegal access data detection device for 
relaying a data communication between a data communication device placed within the internal 
communication network and a data communication device placed outside the internal » 
communication network, and for detecting the illegal access data, and 

wherein the illegal access data handling apparatus receives the illegal access data from 
the illegal access data detection device. 

3. (currently amended) The illegal access data handling apparatus of claim 2, further comprising: 

a data reception section for receiving the illegal access data from the illegal access data 
detection device; 

a data analysis section for analyzing the illegal access data received by the data reception 
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section; 

a response data generation section for generating response data to the illegal access data 
based upon an analysis result from the data analysis section; and 

a data transmission section for transmitting the response data generated by the response 
data generation section to the illegal access data detection device. 

4. (previously presented) The illegal access data handling apparatus of claim 3, wherein the data 
reception section receives an encapsulated illegal access data from the illegal access data 
detection device, 

wherein the illegal access data handling apparatus further includes a capsulation section 
for decapsulating the encapsulated illegal access data received by the data reception section to 
extract the illegal access data, and encapsulates the response data, and 

wherein the data transmission section transmits the response data encapsulated by the 
capsulation section to the illegal access data detection device, 

5. (original) The illegal access data handling apparatus of claim 3, wherein the response data 
generation section generates response data having same contents as those of response data that 
would be generated by a specific data communication device placed in the internal 
communication network in response to the illegal access data if the specific data communication 
device received the illegal access data. 



6. (original) The illegal access data handling apparatus of claim 3, wherein the data reception 
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section receives from the illegal access data detection device communication history information 
indicating a communication history of the illegal access data detection device, 

wherein the data analysis section analyzes the communication history information 
received by the data reception section, and generates illegal access data designation information 
designating data transmitted from a given data communication device placed outside the internal 
communication network as the illegal access data based upon an analysis result of the 
communication history information, and 

wherein the data transmission section transmits the illegal access data designation 
information generated by the data analysis section to the illegal data detection device. 

7. (original) The illegal access data handling apparatus of claim 4, wherein the data reception 
section receives the illegal access data having authentication information attached to be used for 
data authentication from the illegal access data detection device, and 

wherein the capsulation section performs the data authentication for the illegal access 
data by using the authentication information. 

8. (original) The illegal access data handling apparatus of claim 7, wherein the capsulation 
section attaches the authentication information to be used for the data authentication for the 
response data to the response data, and 

wherein the data transmission section transmits the response data having the 
authentication information attached by the capsulation section to the illegal access data detection 
device. 
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9. (currently amended) A method for handling illegal access data outside a given internal 
communication network, the method comprising: 

receiving illegal access data transmitted from a data communication device placed 
outside the internal communication network for a purpose of illegally accessing the internal 
communication network; and 

taking countermeasures against the illegal access data received , wherein the 
countermeasures include providing a response pretending to originate from the internal 
communication network. 



10. (previously presented) The method of claim 9, comprising: 

communicating with an illegal access data detection device for relaying a data 
communication between a data communication device placed within the internal communication 
network and a data communication device placed outside the internal communication network, 
and for detecting the illegal access data; and 

receiving the illegal access data from the illegal access data detection device. 

11. (original) The method of claim 10, comprising: 

receiving the illegal access data from the illegal access data detection device; 
analyzing the illegal access data received by the receiving; 

generating response data to the illegal access data based upon an analysis result from the 
analyzing; and 

transmitting the response data generated by the generating to the illegal access data 
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detection device. 

12. (original) The method of claim 10, generates response data having same contents as those of 
response data that would be generated by a specific data communication device placed in the 
internal communication network in response to the illegal access data if the specific data 
communication device received the illegal access data. 

13. (currently amended) A method for responding to unauthorized access to an internal 
communications network, comprising: 

receiving an encapsulated unauthorized access packet at a data center placed outside the 
internal network, and wherein the unauthorized access packet is redirected from a target server 
residing within the internal network; 

analyzing the received packet to formulate a response packet; 

encapsulating the response packet so that it appears to originate from the target server; 

and 

sending the encapsulated response packet to [[the]] a network device, wherein the 
network device is within the internal network. 

14. (previously presented) The method according to claim 13, further comprising: 

determining if the encapsulated unauthorized access packet was transmitted from a client; 
judging whether data of the encapsulated unauthorized access packet came from an 
unauthorized source; 
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analyzing the encapsulated unauthorized access packet based upon data from a 
knowledge base; and 

notifying a decoy server of the analysis result. 

15. (previously presented) The method according to claim 14, further comprising: 

referring to a client database; and 

collating the encapsulated unauthorized access packet with information contained in the 
client database. 

16. (previously presented) The method according to claim 14, further comprising: 

accessing a knowledge base having information associated with past encapsulated 
unauthorized access packets. 

17. (previously presented) The method according to claim 13, wherein the network device 
decapsulates the encapsulated response packet and forwards the decapsulated packet to the 
source of the unauthorized access packet. 
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